I got an alert from MSE this week saying I had the following virus:
WinNT/Ramnit.gen!A
I seem to have now removed that but am getting the following:
WinNT/Rustock.E
Also getting alerts about the following file, which I have removed and deleted manually several times, but it keeps re-appearing:
C:Windows/System32/KeWqp981
Below is the OTL Log:
OTL logfile created on: 30/10/2012 15:49:51 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Steve\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
1.97 Gb Total Physical Memory | 0.86 Gb Available Physical Memory | 43.81% Memory free
3.94 Gb Paging File | 2.83 Gb Available in Paging File | 71.71% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 146.89 Gb Total Space | 44.81 Gb Free Space | 30.51% Space Free | Partition Type: NTFS
Drive D: | 1.95 Gb Total Space | 1.74 Gb Free Space | 89.20% Space Free | Partition Type: NTFS
Drive G: | 982.05 Mb Total Space | 14.02 Mb Free Space | 1.43% Space Free | Partition Type: FAT32
Computer Name: STEVE-PC | User Name: Steve | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012/10/30 15:49:47 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Steve\Desktop\OTL.exe
PRC - [2012/09/12 16:25:24 | 000,287,824 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\NisSrv.exe
PRC - [2012/09/12 16:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2012/09/12 16:19:44 | 000,947,176 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012/07/11 18:54:49 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2011/02/25 05:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 12:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
========== Modules (No Company Name) ==========
MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
========== Services (SafeList) ==========
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2012/10/19 20:27:49 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\570\g2aservice.exe -- (GoToAssist)
SRV - [2012/09/12 16:25:24 | 000,287,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012/09/12 16:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012/07/13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/07/11 18:54:49 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2011/09/17 04:19:26 | 000,701,288 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Users\Steve\AppData\Local\Temp\7zS2F10\HPSLPSVC32.DLL -- (HPSLPSVC)
SRV - [2010/05/28 17:53:24 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009/07/14 01:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/14 01:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 01:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 01:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\tjydqyjj.sys -- (tjydqyjj)
DRV - File not found [Kernel | System | Stopped] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - File not found [Kernel | System | Stopped] -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS -- (MRENDIS5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS -- (MREMPR5)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\Steve\AppData\Local\Temp\mbr.sys -- (mbr)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\ltlicotd.sys -- (ltlicotd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\abyqwkvg.sys -- (abyqwkvg)
DRV - [2012/09/22 15:34:42 | 000,065,848 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\RapportKELL.sys -- (RapportKELL)
DRV - [2012/08/30 21:03:50 | 000,099,272 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2012/08/09 08:30:56 | 000,228,376 | ---- | M] () [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_42020.sys -- (RapportCerberus_42020)
DRV - [2012/06/26 16:56:45 | 000,027,424 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hitmanpro36.sys -- (hitmanpro36)
DRV - [2012/05/30 09:00:13 | 000,021,520 | ---- | M] (Trusteer Ltd.) [Kernel | On_Demand | Stopped] -- c:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\39624\RapportIaso.sys -- (RapportIaso)
DRV - [2011/07/22 16:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 21:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/05/26 15:03:56 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2011/05/26 15:03:50 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2011/05/10 07:06:14 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netaapl.sys -- (Netaapl)
DRV - [2010/11/20 12:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 12:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 12:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 10:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 09:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 09:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 09:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/09/21 11:12:28 | 000,038,976 | ---- | M] (microOLAP Technologies LTD) [Kernel | System | Running] -- C:\Windows\System32\drivers\pssdk42.sys -- (PSSDK42)
DRV - [2009/07/13 23:12:52 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2009/06/05 18:12:34 | 000,219,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6232.sys -- (e1express)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.myheritage.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoo...earchTerms}&f=4
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}: "URL" = http://search.imesh....q={searchTerms}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://www.searchqu....q={searchTerms}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69}: "URL" = http://search.bearsh...q={searchTerms}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT3072253
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/sport/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKCU\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD21}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = http://start.facemoo...earchTerms}&f=4
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask...08-363C478F1139
IE - HKCU\..\SearchScopes\{1F096B29-E9DA-4D64-8D63-936BE7762CC5}: "URL" = http://search.babylo....19&affID=17160
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...fr&d=2012-04-12 09:48:59&v=10.0.0.7&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}: "URL" = http://search.imesh....q={searchTerms}
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://www.searchqu....q={searchTerms}
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69}: "URL" = http://search.bearsh...q={searchTerms}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT3072253
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@onlive.com/OnLiveGameClientDetector,version=1.0.0: C:\Program Files\OnLive\Plugin\npolgdet.dll File not found
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/10/03 09:18:09 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/10/03 09:18:09 | 000,000,000 | ---D | M]
[2010/06/20 03:27:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steve\AppData\Roaming\Mozilla\Extensions
[2010/06/20 03:27:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steve\AppData\Roaming\Mozilla\Extensions\[email protected]
[2012/04/12 08:48:55 | 000,003,766 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2011/04/28 09:43:35 | 000,002,423 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2011/10/12 12:59:27 | 000,002,046 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrch.xml
========== Chrome ==========
CHR - default_search_provider: ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - homepage: http://start.facemoods.com/?a=bf1
CHR - Extension: No name found = C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\
O1 HOSTS File: ([2009/06/10 21:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (MediaBar) - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\PROGRA~1\IMESHA~1\MediaBar\Datamngr\ToolBar\imeshdtxmltbpi.dll File not found
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (QuickNet BHO) - {EA5CA8B6-9B9C-4994-A7A1-947B6C631BE7} - C:\Program Files\RegTweaker\key.dll File not found
O3 - HKLM\..\Toolbar: (MediaBar) - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\PROGRA~1\IMESHA~1\MediaBar\Datamngr\ToolBar\imeshdtxmltbpi.dll File not found
O3 - HKLM\..\Toolbar: (MediaBar) - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - C:\PROGRA~1\BEARSH~1\MediaBar\ToolBar\bsdtxmltbpi.dll File not found
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {687578B9-7132-4A7A-80E4-30EE31099E03} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [btbb_McciTrayApp] "C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe" File not found
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe File not found
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ROC_roc_dec12] "C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12 File not found
O4 - HKCU..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe File not found
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {15589FA1-C456-11CE-BF01-00AA0055595A} http://w4s.work4sure...ge/w4sgeen9.exe (Reg Error: Key error.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx2.hotmail....NPUplden-ca.cab (Windows Live Hotmail Photo Upload Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F3490D01-2D2B-4749-9468-9E34BE358641}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\570\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\570\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 21:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{16dfd6a5-6912-11df-94e0-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{16dfd6a5-6912-11df-94e0-806e6f6e6963}\Shell\AutoRun\command - "" = E:\autorun.exe
O33 - MountPoints2\{9201a9df-6cbf-11df-a51f-001e0b2b4861}\Shell - "" = AutoRun
O33 - MountPoints2\{9201a9df-6cbf-11df-a51f-001e0b2b4861}\Shell\AutoRun\command - "" = G:\setup.exe AUTORUN=1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2012/10/30 15:49:40 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Steve\Desktop\OTL.exe
[2012/10/30 15:09:16 | 000,687,724 | R--- | C] (Swearware) -- C:\Users\Steve\Desktop\dds.scr
[2012/10/30 15:06:22 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Steve\Desktop\HijackThis.exe
[2012/10/30 14:47:31 | 000,000,000 | ---D | C] -- C:\Windows\System32\MpEngineStore
[2012/10/30 13:09:35 | 002,213,464 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Steve\Desktop\tdsskiller.exe
[2012/10/30 13:03:48 | 000,000,000 | ---D | C] -- C:\FRST
[2012/10/30 13:03:27 | 000,906,692 | ---- | C] (Farbar) -- C:\Users\Steve\Desktop\FRST.exe
[2012/10/30 10:38:44 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Roaming\SUPERAntiSpyware.com
[2012/10/30 10:38:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012/10/30 10:38:37 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012/10/30 10:37:57 | 021,462,096 | ---- | C] (SUPERAntiSpyware.com) -- C:\Users\Steve\Desktop\SUPERAntiSpyware.exe
[2012/10/27 09:32:18 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/10/26 14:22:02 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/10/26 14:21:37 | 014,221,232 | ---- | C] (SUPERAntiSpyware.com) -- C:\Users\Steve\Desktop\SUPERAntiSpyware-5.0.1142.exe
[2012/10/26 13:40:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/10/26 13:39:56 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/10/26 13:39:56 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/10/26 13:10:50 | 010,669,952 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Steve\Desktop\mbam-setup-1.65.1.1000.exe
[2012/10/26 09:19:47 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\brrgwymp
[2012/10/19 20:52:36 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Macromedia
[2012/10/19 20:29:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BT Broadband Desktop Help
[2012/10/19 20:29:36 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Roaming\Motive
[2012/10/19 20:28:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Motive
[2012/10/19 20:28:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Motive
[2012/10/19 20:27:46 | 000,000,000 | ---D | C] -- C:\Program Files\Citrix
[2012/10/05 08:32:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
[2012/10/03 08:34:22 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\FM Genie Scout 10
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012/10/30 15:49:47 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Steve\Desktop\OTL.exe
[2012/10/30 15:12:23 | 000,015,376 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/10/30 15:12:23 | 000,015,376 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/10/30 15:09:29 | 000,687,724 | R--- | M] (Swearware) -- C:\Users\Steve\Desktop\dds.scr
[2012/10/30 15:09:02 | 000,671,476 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/10/30 15:09:02 | 000,129,960 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/10/30 15:06:25 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Steve\Desktop\HijackThis.exe
[2012/10/30 15:04:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/10/30 15:04:38 | 1587,253,248 | -HS- | M] () -- C:\hiberfil.sys
[2012/10/30 13:10:06 | 002,213,464 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Steve\Desktop\tdsskiller.exe
[2012/10/30 13:03:30 | 000,906,692 | ---- | M] (Farbar) -- C:\Users\Steve\Desktop\FRST.exe
[2012/10/30 10:38:40 | 000,001,965 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/10/30 10:38:07 | 021,462,096 | ---- | M] (SUPERAntiSpyware.com) -- C:\Users\Steve\Desktop\SUPERAntiSpyware.exe
[2012/10/29 14:31:34 | 000,417,912 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/10/27 09:32:38 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/10/26 16:51:45 | 000,000,228 | ---- | M] () -- C:\Users\Steve\Desktop\registryfix.reg
[2012/10/26 15:12:03 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/10/26 14:21:46 | 014,221,232 | ---- | M] (SUPERAntiSpyware.com) -- C:\Users\Steve\Desktop\SUPERAntiSpyware-5.0.1142.exe
[2012/10/26 13:12:14 | 000,000,055 | ---- | M] () -- C:\Users\Steve\AppData\Roaming\mbam.context.scan
[2012/10/26 13:11:04 | 010,669,952 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Steve\Desktop\mbam-setup-1.65.1.1000.exe
[2012/10/26 12:20:14 | 001,008,141 | ---- | M] () -- C:\Users\Steve\Desktop\rkill.com
[2012/10/25 13:19:04 | 000,001,079 | ---- | M] () -- C:\Users\Steve\Desktop\Documents - Shortcut.lnk
[2012/10/19 20:29:46 | 000,001,396 | ---- | M] () -- C:\Users\Public\Desktop\BT Broadband Desktop Help.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012/10/30 10:38:40 | 000,001,965 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/10/27 09:32:31 | 000,002,117 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/10/26 16:51:43 | 000,000,228 | ---- | C] () -- C:\Users\Steve\Desktop\registryfix.reg
[2012/10/26 13:40:04 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/10/26 12:50:20 | 000,000,055 | ---- | C] () -- C:\Users\Steve\AppData\Roaming\mbam.context.scan
[2012/10/26 12:20:03 | 001,008,141 | ---- | C] () -- C:\Users\Steve\Desktop\rkill.com
[2012/10/25 13:19:04 | 000,001,079 | ---- | C] () -- C:\Users\Steve\Desktop\Documents - Shortcut.lnk
[2012/10/19 20:29:46 | 000,001,396 | ---- | C] () -- C:\Users\Public\Desktop\BT Broadband Desktop Help.lnk
[2012/06/26 17:10:53 | 000,569,009 | ---- | C] () -- C:\Users\Steve\Tweaking.com-RepairMissingStartMenuIconsRemovedByInfections.exe
[2012/06/26 17:01:02 | 000,555,748 | ---- | C] () -- C:\Users\Steve\Tweaking.com-UnhideNonSystemFiles.exe
[2012/06/26 16:56:45 | 000,027,424 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro36.sys
[2012/06/26 12:09:23 | 000,000,136 | ---- | C] () -- C:\ProgramData\-Jw0FJLGdUTKF9Qr
[2012/06/26 12:09:23 | 000,000,000 | ---- | C] () -- C:\ProgramData\-Jw0FJLGdUTKF9Q
[2012/06/26 12:09:17 | 000,000,256 | ---- | C] () -- C:\ProgramData\Jw0FJLGdUTKF9Q
[2012/01/20 12:55:48 | 000,195,496 | ---- | C] () -- C:\Windows\System32\mlfcache.dat
[2011/10/03 09:13:37 | 000,164,645 | ---- | C] () -- C:\Windows\hpoins29.dat
[2011/10/03 09:13:36 | 000,000,457 | ---- | C] () -- C:\Windows\hpomdl29.dat
[2011/09/26 13:54:54 | 000,000,527 | ---- | C] () -- C:\Windows\MyHeritage.INI
[2011/09/26 13:51:44 | 000,454,656 | ---- | C] () -- C:\Windows\System32\PaintX.dll
[2011/06/23 15:10:12 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/04/16 13:30:33 | 000,003,584 | ---- | C] () -- C:\Users\Steve\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/09 11:11:52 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll
========== ZeroAccess Check ==========
[2009/07/14 04:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 04:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 12:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 01:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2010/05/31 14:20:16 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\AVG9
[2011/10/12 12:33:04 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Azureus
[2011/03/22 10:33:00 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\BSD
[2011/07/02 10:02:25 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\FrostWire
[2011/03/17 11:34:56 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\MP3Rocket
[2011/09/03 12:09:22 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\MusicNet
[2011/09/26 13:56:30 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\MyHeritage
[2011/08/08 12:20:00 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Netscape
[2011/10/01 14:54:43 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\OnLive App
[2011/09/21 14:58:39 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Scribus
[2011/03/17 10:44:53 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Shareaza
[2012/08/01 10:36:18 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Sports Interactive
[2011/09/26 13:51:43 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\The Complete Genealogy Reporter - FTB
[2010/11/20 09:49:28 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Trusteer
[2012/10/26 13:25:28 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\uTorrent
[2011/04/09 09:16:46 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Windows Live Writer
========== Purity Check ==========
========== Files - Unicode (All) ==========
[2010/12/26 23:36:44 | 000,000,036 | ---- | M] ()(C:\Windows\System32\??) -- C:\Windows\System32\銠̖
[2010/12/26 23:36:44 | 000,000,036 | ---- | C] ()(C:\Windows\System32\??) -- C:\Windows\System32\銠̖
[2010/11/28 16:51:08 | 000,000,036 | ---- | M] ()(C:\Windows\System32\?L) -- C:\Windows\System32\輘Ľ
[2010/11/28 16:51:08 | 000,000,036 | ---- | C] ()(C:\Windows\System32\?L) -- C:\Windows\System32\輘Ľ
[2010/11/21 22:36:26 | 000,000,036 | ---- | M] ()(C:\Windows\System32\?O) -- C:\Windows\System32\䗠Ō
[2010/11/21 22:36:26 | 000,000,036 | ---- | C] ()(C:\Windows\System32\?O) -- C:\Windows\System32\䗠Ō
[2010/11/21 11:52:32 | 000,000,036 | ---- | M] ()(C:\Windows\System32\?O) -- C:\Windows\System32\ꎐŌ
[2010/11/21 11:52:32 | 000,000,036 | ---- | C] ()(C:\Windows\System32\?O) -- C:\Windows\System32\ꎐŌ
[2010/10/21 12:34:49 | 000,000,036 | ---- | M] ()(C:\Windows\System32\?L) -- C:\Windows\System32\늸Ĺ
[2010/10/21 12:34:49 | 000,000,036 | ---- | C] ()(C:\Windows\System32\?L) -- C:\Windows\System32\늸Ĺ
[2010/10/20 12:34:11 | 000,000,036 | ---- | M] ()(C:\Windows\System32\??) -- C:\Windows\System32\Șʼn
[2010/10/20 12:34:11 | 000,000,036 | ---- | C] ()(C:\Windows\System32\??) -- C:\Windows\System32\Șʼn
[2010/10/13 11:52:30 | 000,000,036 | ---- | M] ()(C:\Windows\System32\??) -- C:\Windows\System32\ꏰ˿
[2010/10/13 11:52:30 | 000,000,036 | ---- | C] ()(C:\Windows\System32\??) -- C:\Windows\System32\ꏰ˿
[2010/10/11 12:27:42 | 000,000,036 | ---- | M] ()(C:\Windows\System32\?K) -- C:\Windows\System32\䀀Ķ
[2010/10/11 12:27:42 | 000,000,036 | ---- | C] ()(C:\Windows\System32\?K) -- C:\Windows\System32\䀀Ķ
[2010/09/12 14:55:29 | 000,000,036 | ---- | M] ()(C:\Windows\System32\?) -- C:\Windows\System32\춘
[2010/09/12 14:55:29 | 000,000,036 | ---- | C] ()(C:\Windows\System32\?) -- C:\Windows\System32\춘
[2010/08/22 22:27:43 | 000,000,036 | ---- | M] ()(C:\Windows\System32\?N) -- C:\Windows\System32\Ń
[2010/08/22 22:27:43 | 000,000,036 | ---- | C] ()(C:\Windows\System32\?N) -- C:\Windows\System32\Ń
[2010/08/21 11:50:01 | 000,000,036 | ---- | M] ()(C:\Windows\System32\?L) -- C:\Windows\System32\Ļ
[2010/08/21 11:50:01 | 000,000,036 | ---- | C] ()(C:\Windows\System32\?L) -- C:\Windows\System32\Ļ
========== Alternate Data Streams ==========
@Alternate Data Stream - 16 bytes -> C:\Users\Steve\Downloads:Shareaza.GUID
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:D1B5B4F1
< End of report >
The strange thing is that my system is showing no signs of a problem and is running normally!
Any help would be greatly appreciated.
Thanks